ICO agitates for prison sentences, not just fines

An ex Barclays bank employee has been fined over £3,000 by the Information Commissioner’s Office for accessing private customer records. But this had led the ICO to call for more strict punishments, including the threat of prison.

Jennifer Addo, 27, appeared at Croydon Magistrates Court today. She was prosecuted under section 55 of the Data Protection Act and fined £2,990 for 23 offences, as well as being made to pay out £250 in a victim surcharge and £120 prosecution costs.

The branch noted Addo when a customer reported information about his account had been passed on to a partner. Addo had illegally gained access to the same customer’s details 22 times between 10 May 2011 and 8 August 2011.

Addo was aware that she was not supposed to access customer details but confessed she decided to look anyway, passing information on to her friend. The ICO had been in touch with Addo but received no response until the prosecution today.

Stephen Eckersley, head of enforcement for the ICO, said that for all the banking industry’s safeguards, it still relies on the honesty of staff to respect private records.

“This case proves, yet again, why we need a more appropriate penalty for the crime of personal data theft,” Eckersley said. “With the law as it stands, this prosecution isn’t even recorded on the police national computer which means that an offender could apply for a job in a high street bank tomorrow and the potential employer wouldn’t be informed about the offence.

“The current ‘fine only’ regime is clearly not deterring people from breaking the law,” Eckersley said.

In addition to the fine, Addo lost her job at Barclays.

The ICO is using this particular case to agitate for what it calls more effective “deterrent sentences” – among them prison time.